qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maverick_muguda <naveenkumar.mug...@gmail.com>
Subject Re: Unable to Setup SSL between Java Client and C++ broker
Date Tue, 04 Sep 2012 09:44:50 GMT
Thanks Robbie. Your suggestion fixed that problem.

 When i rearranged the order of arguments, to the prescribed order, i am
running into an Authentication failed message.

the same  connection URL (without the ssl='true') used to work fine. why
does the same thing fail once i enabled SSL?

I see this error message in the broker's console output:

"
2012-09-04 08:03:58 warning Failed to retrieve sasl username
"

Now if i turn on authentication by updating the qpidd.conf file(auth=yes),
the above mentioned message disappears, but the client side error remains.

The client side trace can be found below:

"
verify_data:  { 208, 246, 102, 70, 193, 230, 117, 14, 240, 106, 93, 3 }
***
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Handshake, length = 32
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, READ:
TLSv1 Change Cipher Spec, length = 1
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, READ:
TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 186, 100, 120, 68, 136, 96, 84, 109, 230, 123, 195, 41 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 8
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Application Data, length = 12
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Application Data, length = 308
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Application Data, length = 12
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Application Data, length = 4
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, called
closeOutbound()
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674,
closeOutboundInternal()
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, SEND
TLSv1 ALERT:  warning, description = close_notify
IoReceiver - ec2-XXX.us-west-1.compute.amazonaws.com/127.0.0.1:5674, WRITE:
TLSv1 Alert, length = 18
javax.jms.JMSException: Error creating connection: connection-forced:
Authentication failed
        at
org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:119)
        at org.apache.qpid.example.Hello.runTest(Hello.java:51)
        at org.apache.qpid.example.Hello.main(Hello.java:40)
Caused by: org.apache.qpid.AMQConnectionFailureException: connection-forced:
Authentication failed [error code 320: connection forced]
        at
org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:435)
        at
org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:115)
        ... 2 more
Caused by: org.apache.qpid.AMQException: Cannot connect to broker:
connection-forced: Authentication failed [error code 320: connection forced]
        at
org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:238)
        at
org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:572)
        at
org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:358)
        ... 3 more
Caused by: org.apache.qpid.transport.ConnectionException: connection-forced:
Authentication failed
        at
org.apache.qpid.transport.ConnectionException.rethrow(ConnectionException.java:67)
        at org.apache.qpid.transport.Connection.connect(Connection.java:260)
        at
org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:219)
        ... 5 more
Caused by: org.apache.qpid.transport.ConnectionException: connection-forced:
Authentication failed
        at
org.apache.qpid.transport.Connection.closeCode(Connection.java:522)
        at
org.apache.qpid.transport.ConnectionDelegate.connectionClose(ConnectionDelegate.java:75)
        at
org.apache.qpid.transport.ConnectionDelegate.connectionClose(ConnectionDelegate.java:40)
        at
org.apache.qpid.transport.ConnectionClose.dispatch(ConnectionClose.java:91)
        at
org.apache.qpid.transport.ConnectionDelegate.control(ConnectionDelegate.java:49)
        at
org.apache.qpid.transport.ConnectionDelegate.control(ConnectionDelegate.java:40)
at org.apache.qpid.transport.Method.delegate(Method.java:163)
        at
org.apache.qpid.transport.Connection.received(Connection.java:367)
        at org.apache.qpid.transport.Connection.received(Connection.java:65)
        at
org.apache.qpid.transport.network.Assembler.emit(Assembler.java:97)
        at
org.apache.qpid.transport.network.Assembler.assemble(Assembler.java:183)
        at
org.apache.qpid.transport.network.Assembler.frame(Assembler.java:131)
        at org.apache.qpid.transport.network.Frame.delegate(Frame.java:128)
        at
org.apache.qpid.transport.network.Assembler.received(Assembler.java:102)
        at
org.apache.qpid.transport.network.Assembler.received(Assembler.java:44)
        at
org.apache.qpid.transport.network.InputHandler.next(InputHandler.java:189)
        at
org.apache.qpid.transport.network.InputHandler.received(InputHandler.java:105)
        at
org.apache.qpid.transport.network.InputHandler.received(InputHandler.java:44)
        at
org.apache.qpid.transport.network.security.ssl.SSLReceiver.received(SSLReceiver.java:123)
        at
org.apache.qpid.transport.network.security.ssl.SSLReceiver.received(SSLReceiver.java:35)
        at
org.apache.qpid.transport.network.io.IoReceiver.run(IoReceiver.java:152)
        at java.lang.Thread.run(Thread.java:679)


"

Do i need to turn on authentication to get SSL working? Eitherway i am
running into the same error, how to fix that.


I also find that the /var/lib/qpidd/qpidd.sasldb file missing, nor am able
to add users though "sasldblistusers2" command, as per the documentation at 
https://qpid.apache.org/books/0.10/AMQP-Messaging-Broker-CPP-Book/html/ch01s05.html
security-howto  "The SASL database is installed at
/var/lib/qpidd/qpidd.sasldb; initially, it has one user named guest in the
QPID realm, and the password for this user is guest. "

Is this a bug? should i create this file manually? Can i create the file by
"touch"ing or is there a different way of creating it?

Please help,
Naveen



--
View this message in context: http://qpid.2158936.n2.nabble.com/Unable-to-Setup-SSL-between-Java-Client-and-C-broker-tp7581558p7581624.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message